1# -*- mode: perl; -*-
2# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the OpenSSL license (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10## Test version negotiation
11
12package ssltests;
13
14use strict;
15use warnings;
16
17use List::Util qw/max min/;
18
19use OpenSSL::Test;
20use OpenSSL::Test::Utils qw/anydisabled alldisabled disabled/;
21setup("no_test_here");
22
23my @tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
24# undef stands for "no limit".
25my @min_tls_protocols = (undef, "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3");
26my @max_tls_protocols = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3", undef);
27
28my @is_tls_disabled = anydisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
29
30my $min_tls_enabled; my $max_tls_enabled;
31
32# Protocol configuration works in cascades, i.e.,
33# $no_tls1_1 disables TLSv1.1 and below.
34#
35# $min_enabled and $max_enabled will be correct if there is at least one
36# protocol enabled.
37foreach my $i (0..$#tls_protocols) {
38    if (!$is_tls_disabled[$i]) {
39        $min_tls_enabled = $i;
40        last;
41    }
42}
43
44foreach my $i (0..$#tls_protocols) {
45    if (!$is_tls_disabled[$i]) {
46        $max_tls_enabled = $i;
47    }
48}
49
50my @dtls_protocols = ("DTLSv1", "DTLSv1.2");
51# undef stands for "no limit".
52my @min_dtls_protocols = (undef, "DTLSv1", "DTLSv1.2");
53my @max_dtls_protocols = ("DTLSv1", "DTLSv1.2", undef);
54
55my @is_dtls_disabled = anydisabled("dtls1", "dtls1_2");
56
57my $min_dtls_enabled; my $max_dtls_enabled;
58
59# $min_enabled and $max_enabled will be correct if there is at least one
60# protocol enabled.
61foreach my $i (0..$#dtls_protocols) {
62    if (!$is_dtls_disabled[$i]) {
63        $min_dtls_enabled = $i;
64        last;
65    }
66}
67
68foreach my $i (0..$#dtls_protocols) {
69    if (!$is_dtls_disabled[$i]) {
70        $max_dtls_enabled = $i;
71    }
72}
73
74sub no_tests {
75    my ($dtls) = @_;
76    return $dtls ? alldisabled("dtls1", "dtls1_2") :
77      alldisabled("ssl3", "tls1", "tls1_1", "tls1_2", "tls1_3");
78}
79
80sub generate_version_tests {
81    my ($method) = @_;
82
83    my $dtls = $method eq "DTLS";
84    # Don't write the redundant "Method = TLS" into the configuration.
85    undef $method if !$dtls;
86
87    my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
88    my @min_protocols = $dtls ? @min_dtls_protocols : @min_tls_protocols;
89    my @max_protocols = $dtls ? @max_dtls_protocols : @max_tls_protocols;
90    my $min_enabled  = $dtls ? $min_dtls_enabled : $min_tls_enabled;
91    my $max_enabled  = $dtls ? $max_dtls_enabled : $max_tls_enabled;
92
93    if (no_tests($dtls)) {
94        return;
95    }
96
97    my @tests = ();
98
99    for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1); $sctp++) {
100        foreach my $c_min (0..$#min_protocols) {
101            my $c_max_min = $c_min == 0 ? 0 : $c_min - 1;
102            foreach my $c_max ($c_max_min..$#max_protocols) {
103                foreach my $s_min (0..$#min_protocols) {
104                    my $s_max_min = $s_min == 0 ? 0 : $s_min - 1;
105                    foreach my $s_max ($s_max_min..$#max_protocols) {
106                        my ($result, $protocol) =
107                            expected_result($c_min, $c_max, $s_min, $s_max,
108                                            $min_enabled, $max_enabled,
109                                            \@protocols);
110                        push @tests, {
111                            "name" => "version-negotiation",
112                            "client" => {
113                                "MinProtocol" => $min_protocols[$c_min],
114                                "MaxProtocol" => $max_protocols[$c_max],
115                            },
116                            "server" => {
117                                "MinProtocol" => $min_protocols[$s_min],
118                                "MaxProtocol" => $max_protocols[$s_max],
119                            },
120                            "test" => {
121                                "ExpectedResult" => $result,
122                                "ExpectedProtocol" => $protocol,
123                                "Method" => $method,
124                            }
125                        };
126                        $tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
127                    }
128                }
129            }
130        }
131    }
132    return @tests if disabled("tls1_3") || disabled("tls1_2") || $dtls;
133
134    #Add some version/ciphersuite sanity check tests
135    push @tests, {
136        "name" => "ciphersuite-sanity-check-client",
137        "client" => {
138            #Offering only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
139            "CipherString" => "AES128-SHA",
140            "Ciphersuites" => "",
141        },
142        "server" => {
143            "MaxProtocol" => "TLSv1.2"
144        },
145        "test" => {
146            "ExpectedResult" => "ClientFail",
147        }
148    };
149    push @tests, {
150        "name" => "ciphersuite-sanity-check-server",
151        "client" => {
152            "CipherString" => "AES128-SHA",
153            "MaxProtocol" => "TLSv1.2"
154        },
155        "server" => {
156            #Allowing only <=TLSv1.2 ciphersuites with TLSv1.3 should fail
157            "CipherString" => "AES128-SHA",
158            "Ciphersuites" => "",
159        },
160        "test" => {
161            "ExpectedResult" => "ServerFail",
162        }
163    };
164
165    return @tests;
166}
167
168sub generate_resumption_tests {
169    my ($method) = @_;
170
171    my $dtls = $method eq "DTLS";
172    # Don't write the redundant "Method = TLS" into the configuration.
173    undef $method if !$dtls;
174
175    my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
176    my $min_enabled  = $dtls ? $min_dtls_enabled : $min_tls_enabled;
177    my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;
178
179    if (no_tests($dtls)) {
180        return;
181    }
182
183    my @server_tests = ();
184    my @client_tests = ();
185
186    # Obtain the first session against a fixed-version server/client.
187    foreach my $original_protocol($min_enabled..$max_enabled) {
188        # Upgrade or downgrade the server/client max version support and test
189        # that it upgrades, downgrades or resumes the session as well.
190        foreach my $resume_protocol($min_enabled..$max_enabled) {
191            my $resumption_expected;
192            # We should only resume on exact version match.
193            if ($original_protocol eq $resume_protocol) {
194                $resumption_expected = "Yes";
195            } else {
196                $resumption_expected = "No";
197            }
198
199            for (my $sctp = 0; $sctp < ($dtls && !disabled("sctp") ? 2 : 1);
200                 $sctp++) {
201                foreach my $ticket ("SessionTicket", "-SessionTicket") {
202                    # Client is flexible, server upgrades/downgrades.
203                    push @server_tests, {
204                        "name" => "resumption",
205                        "client" => { },
206                        "server" => {
207                            "MinProtocol" => $protocols[$original_protocol],
208                            "MaxProtocol" => $protocols[$original_protocol],
209                            "Options" => $ticket,
210                        },
211                        "resume_server" => {
212                            "MaxProtocol" => $protocols[$resume_protocol],
213                            "Options" => $ticket,
214                        },
215                        "test" => {
216                            "ExpectedProtocol" => $protocols[$resume_protocol],
217                            "Method" => $method,
218                            "HandshakeMode" => "Resume",
219                            "ResumptionExpected" => $resumption_expected,
220                        }
221                    };
222                    $server_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
223                    # Server is flexible, client upgrades/downgrades.
224                    push @client_tests, {
225                        "name" => "resumption",
226                        "client" => {
227                            "MinProtocol" => $protocols[$original_protocol],
228                            "MaxProtocol" => $protocols[$original_protocol],
229                        },
230                        "server" => {
231                            "Options" => $ticket,
232                        },
233                        "resume_client" => {
234                            "MaxProtocol" => $protocols[$resume_protocol],
235                        },
236                        "test" => {
237                            "ExpectedProtocol" => $protocols[$resume_protocol],
238                            "Method" => $method,
239                            "HandshakeMode" => "Resume",
240                            "ResumptionExpected" => $resumption_expected,
241                        }
242                    };
243                    $client_tests[-1]{"test"}{"UseSCTP"} = "Yes" if $sctp;
244                }
245            }
246        }
247    }
248
249    if (!disabled("tls1_3") && !$dtls) {
250        push @client_tests, {
251            "name" => "resumption-with-hrr",
252            "client" => {
253            },
254            "server" => {
255                "Curves" => "P-256"
256            },
257            "resume_client" => {
258            },
259            "test" => {
260                "ExpectedProtocol" => "TLSv1.3",
261                "Method" => "TLS",
262                "HandshakeMode" => "Resume",
263                "ResumptionExpected" => "Yes",
264            }
265        };
266    }
267
268    return (@server_tests, @client_tests);
269}
270
271sub expected_result {
272    my ($c_min, $c_max, $s_min, $s_max, $min_enabled, $max_enabled,
273        $protocols) = @_;
274
275    # Adjust for "undef" (no limit).
276    $c_min = $c_min == 0 ? 0 : $c_min - 1;
277    $c_max = $c_max == scalar @$protocols ? $c_max - 1 : $c_max;
278    $s_min = $s_min == 0 ? 0 : $s_min - 1;
279    $s_max = $s_max == scalar @$protocols ? $s_max - 1 : $s_max;
280
281    # We now have at least one protocol enabled, so $min_enabled and
282    # $max_enabled are well-defined.
283    $c_min = max $c_min, $min_enabled;
284    $s_min = max $s_min, $min_enabled;
285    $c_max = min $c_max, $max_enabled;
286    $s_max = min $s_max, $max_enabled;
287
288    if ($c_min > $c_max) {
289        # Client should fail to even send a hello.
290        return ("ClientFail", undef);
291    } elsif ($s_min > $s_max) {
292        # Server has no protocols, should always fail.
293        return ("ServerFail", undef);
294    } elsif ($s_min > $c_max) {
295        # Server doesn't support the client range.
296        return ("ServerFail", undef);
297    } elsif ($c_min > $s_max) {
298        my @prots = @$protocols;
299        if ($prots[$c_max] eq "TLSv1.3") {
300            # Client will have sent supported_versions, so server will know
301            # that there are no overlapping versions.
302            return ("ServerFail", undef);
303        } else {
304            # Server will try with a version that is lower than the lowest
305            # supported client version.
306            return ("ClientFail", undef);
307        }
308    } else {
309        # Server and client ranges overlap.
310        my $max_common = $s_max < $c_max ? $s_max : $c_max;
311        return ("Success", $protocols->[$max_common]);
312    }
313}
314
3151;
316